Tivoli Storage Manager Server for z/OS Licensed Materials - Property of IBM (C) Copyright IBM Corporation 1990, 2007. All rights reserved. Version 5, Release 4, Level 3.1 This patch level of server provides a supercede for Tivoli Storage Manager for z/OS Version 5 Release 4 Level 3.0 This patch is in the form of ++APAR for SMP/E installability and contains ANRSERV(server executable), ANRMENU (message repository), ANR5540 (README) and ANR5540S (secured FTP access material). This ++APAR requires 5.4.3 PTF UK35388 code installation. See access details below. The following table describes the number of bytes reported by FTP when moving the APAR file. Note: Make sure the PTF files are moved using "binary" file transfer. ______________________________________________________________ PTF | FMID | description AK64789 HDN5540 TSM server The dataset attributes on MVS for this 80 byte record length FB PTF file with 32720 blocksize is 1014 blocks using 3390 DASD. Information on new website is: testcase-yellow.boulder.ibm.com Important Note: TSM maintenance and patch relief is no longer available on service2.boulder.ibm.com New web address enforces SSL protocol. The well known userid, tsm4mvs remains in effect on the new ftp site in addition to passwords that are documented in your ANR5540S member in SAMPLIB. The following syntax can be used from a web browser to gain access to the new secured site. https://testcase-yellow.boulder.ibm.com The browser will prompt for Name: and Password: Name: tsm4mvs Password: (see_member_ANR5540S_in_SAMPLIB) Hint: password is reused from service2.boulder.ibm.com userid tsm4mvs Select fromibm/patches/v5r4/5.4.3.1 The following syntax using a web browser will prompt for userid & pw. https://testcase-yellow.boulder.ibm.com fill the Name: with... tsm4mvs specify password: .... xxxxxxxx Maintenance information for the Tivoli Storage Manager for z/OS server can be found in the following directory: fromibm/patches/v5r4/5.4.3.1 Be sure to use binary transfer with secured FTP. Useful Tip: While using https from a browser to access to testcase-yellow.boulder.ibm.com: Two methods for ensuring binary transfer: 1: by default https login will initiate the session for binary transfer. This is noted by the "-> Set ASCII" button just to the right of the File: box. This button toggles from ACSII to Binary. The eFix file can be saved to your file system in binary mode by selecting a "Save As" operation. 2: An alternative is to locate the efix file which is named with ".bin" file extention. First left click on the related file options icon then right click on Download as: application/octet-stream This step is necessary to ensure the fixpack or ptf transfers in binary form. Subsequent FTP movement of PTF or Fixpack must occur as binary transfer. Readme material can be downloaded with ascii file transfer using secured FTP or select Download as: plain/text from the file options when using https. . Additional information on new secured website testcase-yellow.boulder.ibm.com New secured FTP server: ------------------- IMPORTANT NOTE: Only SSL FTP or https browser access allowed. The FTP server is configured to support FTP over SSL/TLS using either Active or Passive FTP modes. However, since Active mode FTP may be disabled by network routers or firewalls by default, customers may have better success using Passive FTP mode. The server uses ports 65024 through 65535 for Passive FTP data connections. The server also supports use of the EPSV ALL FTP command as defined in IETF RFC 2428 FTP Extensions for IPv6 and NATs (http://www.ietf.org/rfc/rfc2428.txt). If supported by the FTP client, this may provide some benefit to customers using Network Address Translation (NAT) devices that also have support for it. The FTP server supports use of SSL version 2, SSL version 3 and TLS version 1. The server accepts both the AUTH SSL (depricated) and AUTH TL commands from the FTP client. The server's SSL certificate is signed by the Equifax Secure Certificate Authority (CA). If this CA is not in the list of trusted CAs for your secure FTP client, the root certificate may be obtained directly from http://www.geotrust.com/resources/root_certificates/index.htm. Note also that the server name specified in the certificate is testcase.boulder.ibm.com (and not testcase-yellow.boulder.ibm.com). Some client software will validate that the hostname of the server being accessed is the same as the name in the server certificate. Secure HTTP over SSL/TLS (HTTPS) HTTP over SSL/TLS (HTTPS) is the secure version of the HTTP protocol use on the World Wide Web. HTTPS uses the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols to encrypt the session data. Th Secure File Transfer server supports file upload and download from a web browser using HTTPS. Note: Use of the HTTPS protocol requires explicit login to the Secure File Transfer service. It is not possible to directly link to Secure Fil Transfer files from another web page. It is important to note that some customers may experience difficulties using the FTPS protocol through their network infrastructures. Customers connect to IBM through a variety of firewalls, routers and ISPs that may perform Network Address Translation (NAT) and stateful inspection of FTP traffic flows. Customers may experience problems connecting to or using the server due to the way some network equipment handles FTPS flows. These issues are described in a draft IETF RFC entitled FTP/TLS Friendly Firewalls (http://www.ietf.org/internet-drafts/draft-fordh-ftp-ssl-firewall-07.txt . If necessary, customers should contact their local network support and network providers to determine how to best support FTPS within their environments. IBM supports a secured FTP server where you can find information on maintenance for z/OS and other related materials. The secured FTP site is: testcase-yellow.boulder.ibm.com Use the userid tsm4mvs and the password xxxxxxx Note: IBM security standards require FTP pw changes every 90 days. See ANR5540S samplib member for password changes. Note passwords change every 90 days. If the password must change unexpectedly, like it has in the past after being exposed on a public forum, every effort will be made to use the password for the next pw change period. Thank you, Tivoli Storage Software Development